Tag Archives: threat convergence

Targeting of “Western” Critical National Infrastructure and how we all play a part in its defence.

I have read several opinion pieces that suggest ISIS is planning a cyber-geddon style attack on “the West’s” Critical National Infrastructure (CNI). Given the current nature of warfare and the growth of cyberwar/terrorism this seems like a logical opinion.

From the inaugural FT Cyber Security Summit in June this year:

Countries are having to defend themselves against an increasing number of attacks on their information and communications systems from unfriendly states, terrorists and other foreign adversaries. NATO, for example, in June adopted an “Enhanced Cyber Defence Policy”, outlined
in a public information document circulated by the 28-member intergovernmental military alliance at the conference.
“The policy establishes that cyber defence is part of the Alliance’s core task of collective defence, confirms that international law applies in cyberspace and intensifies NATO’s cooperation with industry,” states the document. Key aspects of the policy were discussed at
the event including the fact, reiterated by a member of the audience, that a digital attack on a member state is now covered by Article 5 of the treaty, the collective defence clause, meaning that NATO can used armed force against the aggressor.

We can all play a part in securing our CNI by securing our own networks and businesses to make them less likely to get used as mules or zombies to deliver this threat to our CNI. Back in 2011, Chatham House issued a report on cyber Terrorism and one of its recommendation back then was,

Training and development of staff in cyber security
measures should be seen as an integral part of risk
mitigation strategies.

This says staff, not IT staff or security staff just staff and this is because ‘cyber’ is a part of everyone’s day with very few exceptions. Behaviour and culture have an impact on CNI security. Through supply chains, we are all connected and through our IP enabled devices both at home and work, these connections become ever more complex and exploitable. Part of the problem as I see it is a bit of a disconnect with security at the top of many of our organisations.E&Y visuals security survey 2012 2

 

This is where culture is driven from and addressing this worrying knowledge gap is vital. Evidence for this lack of understanding comes from businesses themselves.

 

Board Compliance visual

 

Advertisements

Mike presenting at ST14 Autumn

ST14 program has been unveiled and Mike will be joining the great and the good in security, on the rostrum.

Mike will be presenting on Threat Convergence. Watch this space for more details or visit the official site so you can sign up for this free event. 

http://www.professionalsecurity.co.uk/events-conferences/security-twenty-14-home/st14-autumn/

 

Advent IM Mike Gillespie

Mike Gillespie – Advent IM MD and Director for Cyber Strategy and Research for The Security Insititute member of the CSCSS Global Select Committee on Cyber Intelligence